Everyone is Switching to Mac!

April 2009

April 14, 2009

Subscribing to the newsletter has its benefits as those on the list found out when they starting receiving the e-mail Dave sent regarding his surprise sale earlier today. Now through Sunday you can pick up a 1Password license for 25% off the regular price by clicking on the cupcake.

If you are not subscribed to the newsletter yet, enter your e-mail in the box below Join Our Newsletter at the top right of this page and click the Go button.

Finally, feel free to "roast" Dave in the comments for this entry as part of the birthday festivities. :)

April 13, 2009

The MacHeist 3 bundle sale came to and end last week and the results were pretty impressive. Over 80,000 bundles were sold and close to $850,000 of the proceeds will be distributed to the charities as determined by bundle purchasers. As a bonus they added an application named AppShelf to the bundle to help people store their software serial numbers and packaged all the MacHeist 3 bundle serials in an AppShelf property list file. A lot our users already store all their software serials and registration codes in 1Password so we wanted to make it easy for 1Password users to do this too.

Version 2.9.13 of 1Password adds a new importer that makes getting your MacHeist 3 bundle serials into 1Password fast and easy.

Once you have have updated to version 2.9.13 of 1Password, here is what you will want to do:

Note: The default uses the name of the file as the folder name and make that folder a sub-folder of Imported in 1Password. Changing the field to a blank value will cause 1Password to import the entries without assigning them to a folder.

7. Click the Import .. Select Items button and you now have all your MacHeist 3 bundle serials in 1Password wallet items.

April 07, 2009

There have been a few questions recently about how 1Password chooses (or knows, depending on your perspective and experience) which logins to offer to fill on a given page. In this post, I want to talk about Precise URL Matching - what it is, how it works, and how it might apply to you.

How Precise URL Matching Works

As of 2.9.8, we have a new feature called Precise URL Matching, which means that your logins are compared against the URL to find the best available match and use it. If more than one login matches at the same level, you get the option to choose. All other logins for the domain are available in the Other Logins menu.

Case Study

Let's create a fictitious scenario. Let's say you have these logins saved:

If you go to the main this.domain.com page, the first two logins will match equally because they match the subdomain and top level domain but don't match on the path. So, if you had a login form on the main this.domain.com page and pressed cmd+\ you'd be presented with a popup menu containing the first two logins. The last four logins would be in the Other Logins menu because they don't match as well.

But, if you went to this.domain.com/path/to/secret/page and pressed cmd+\, you'd be logged in with the first login because it is a better match than the second login.

The last scenario involves you visiting a page on that domain that you don't have stored. So, if you go to yetanother.domain.com and press cmd+\, you'll see a popup menu of all six logins. All six match the same because they all match just the top level domain.

Conclusion

If you have many logins for a particular domain, it might be worth the time revisiting the Location field of those logins to see if there are some ways that you could make them more specific. For instance, if you imported your company intranet's login (https://bigcorp.com/intra) and the login for your ERP system (my.bigcorp.com for PeopleSoft, etc.) from the login keychain, it likely has its location as just bigcorp.com. If you changed the Location to the full, precise URL for where those pages actually are, you can login with just a stroke of cmd+\ rather than having to choose from a menu each time.

This might be more information than you bargained for, but I hope that it gives you some insight into what 1Password is doing when it offers you only a subset of your logins for a given domain rather than its old behavior of offering them all every time. Once you understand Precise URL Matching, you can put it to work for you in some interesting ways.

April 01, 2009

Chris mentioned on Twitter the security risk associated with security questions. This sounds counterintuitive, but most of the security questions companies ask you in order to reset your password are things that are easy to find if you know where to look. And the criminals who want your data usually know where to look.
This struck me as really odd. I never tell the truth on these kinds of questions. In fact, I don't know the answer to most of my security questions. But 1Password does.
I have taken to using the 1Password Strong Password Generator to generate long random passwords with no numbers or special characters. (These would likely not be allowed in an answer to a security question.) So, when websitex.com asks me for my mother's maiden name, they get something like this:

So, in addition to not remembering my passwords anymore, I don't remember my security questions either. I store this information either in the "Password History" section of 1Password or better yet in the notes field of the login that the security question belongs to. Sure, this takes a little time to set up for each account and I haven't gone back through most of my old accounts to change these, but when setting up a new account, I definitely take the time to add an extra layer of security to my online life.